Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

logfile hijackthis (error safe en veel andere troep)

Anoniem
smeenk
12 antwoorden
  • Logfile of HijackThis v1.99.1
    Scan saved at 11:14:38, on 1-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\COMPAQ\ACLIENT\ACLIENT.exe
    C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    C:\Windows\Cpqdiag\Cpqdfwag.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Windows\explorer.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Windows\system32\lexmvservice.exe
    C:\Windows\system32\lexwebservice.exe
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
    C:\Windows\system32\svchost.exe
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    C:\Windows\system32\rundll32.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\NDAS\System
    dasmgmt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office\MSACCESS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Windows\winhlp32.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fullwonder.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fullwonder.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=explorer.exe "
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinPatrol System Monitor] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System
    dasmgmt.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYNL
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.wanadoo.nl/?marketingCode=07MSREF001
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
    O16 - DPF: {00000000-0000-0000-0000-000050050000} - http://www.advnt01.com/games/ABoxInst_int12.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Reinstall - C:\Windows\system32\jt8407lqe.dll
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\Windows\system32\omomocei.dll (file missing)
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
    O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
    O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MarkVision Server (MvServer) - Unknown owner - C:\Windows\system32\lexmvservice.exe
    O23 - Service: MarkVision Web Server (MvWebServer) - Unknown owner - C:\Windows\system32\lexwebservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Windows\system32\r_server.exe" /service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe



  • Download de L2Mfix van een van devolgende locaties:
    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Plaats het bestand op je bureaublad. Dubbelklik op l2mfix.exe.
    Klik op "Install" om het mapje uit te pakken.
    Op je bureaublad open je de map l2mfix.
    Klik op l2fix.bat.
    Kies voor optie #1: Find Log door het cijfer 1 te typen en dan op return te drukken.
    Je computer zal nu gescand worden.Dit kan even duren. Na een tijdje wordt er een kladblokbestand geopend.
    Kopieer en plak de inhoud van dit bestand in je volgende post.

    Let op: Optie #2 mag je voorlopig NIET gebruiken. Gebruik ook geen andere bestanden die zich in de map l2mfix bevinden!
  • L2MFIX find log 010406
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\Windows\\system32\\jt8407lqe.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{5F85C256-3F9C-01B9-726A-B982ED5B7B24}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-uitbreidingen voor Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren…"
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Mediabalk"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser voor adresbalk"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van ge‹nstalleerde toepassingen"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personen…"
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{B5FB6487-7E79-4816-B73B-8A65E41971DA}"="BullGuard Antivirus v4"
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{40950107-FEA6-4d53-A65F-B2DCBA57DD58}"="Nokia Phone Browser"
    "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}"="Contact View"
    "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
    "{065CE359-A57B-45AE-AC34-356B8A572912}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}\InprocServer32]
    @="C:\\Windows\\system32\\mjl_hp.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    birdihuy.dll Thu 5 Jan 2006 14:54:26 A…. 61 0,06 K
    browseui.dll Thu 24 Nov 2005 1:39:20 A…. 1.022.464 998,50 K
    danim.dll Sat 5 Nov 2005 4:20:32 A…. 1.057.280 1,01 M
    dnj201~1.dll Tue 24 Jan 2006 13:01:18 ..S.R 237.014 231,46 K
    gdi32.dll Thu 29 Dec 2005 3:56:06 A…. 280.064 273,50 K
    gwfspi~1.dll Fri 4 Nov 2005 16:27:18 A…. 23.304 22,76 K
    jt8407~1.dll Mon 30 Jan 2006 9:56:02 ..S.R 237.014 231,46 K
    legitc~1.dll Fri 4 Nov 2005 16:27:24 A…. 534.280 521,76 K
    mjl_hp.dll Wed 1 Feb 2006 10:24:42 ….. 237.014 231,46 K
    mpfapi.dll Fri 11 Nov 2005 16:38:50 A…. 9.216 9,00 K
    mshtml.dll Thu 24 Nov 2005 1:39:22 A…. 3.013.632 2,87 M
    s2rslc~1.dll Mon 30 Jan 2006 10:43:36 ..S.R 233.818 228,34 K
    shdocvw.dll Thu 1 Dec 2005 4:33:22 A…. 1.492.480 1,42 M
    urlmon.dll Sat 5 Nov 2005 4:20:36 A…. 605.696 591,50 K
    winmgm~1.dll Mon 9 Jan 2006 12:07:48 A…. 6.656 6,50 K
    xp54371.dll Thu 5 Jan 2006 14:17:32 A…. 23.552 23,00 K
    zlbw.dll Thu 5 Jan 2006 14:17:54 A…. 46.592 45,50 K

    17 items found: 17 files (3 H/S), 0 directories.
    Total of file sizes: 9.060.137 bytes 8,64 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Wed 1 Feb 2006 10:25:42 ..S.R 237.014 231,46 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 237.014 bytes 231,46 K
    **********************************************************************************
    Directory Listing of system files:
    Het volume in station C heeft geen naam.
    Het volumenummer is 488F-9CAA

    Map van C:\Windows\System32

    01-02-2006 10:29 <DIR> dllcache
    01-02-2006 10:25 237.014 guard.tmp
    30-01-2006 10:43 233.818 s2rslc971f.dll
    30-01-2006 09:56 237.014 jt8407lqe.dll
    24-01-2006 13:01 237.014 dnj2011oe.dll
    23-07-2004 21:11 <DIR> Microsoft
    4 bestand(en) 944.860 bytes
    2 map(pen) 26.172.932.096 bytes beschikbaar
  • Sluit alle openstaande programma's.
    Dubbelklik op l2mfix.bat.
    Kies voor optie #2: Run Fix door het cijfer 2 te typen.
    Druk op Enter.
    Het tooltje zal starten.
    Gebruik je toetsenbord niet voor dat het tooltje gestopt is!!!
    Druk op een toets om de computer opnieuw te starten wanneer dit gevraagd wordt.
    Na de reboot verschijnen de ikonen op je desktop. Deze zullen weer verdwijnen. (dat is normaal).
    L2mfix gaat je computer scannen.
    Wanneer het klaar is wordt er een nieuw kladblokbestand geopend.
    Post de inhoud van dit bestand.
    Maak een nieuwe Hijackthislog en post deze ook.
  • L2mfix 010406
    Creating Account.
    De opdracht is voltooid.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX … successful

    Running From:
    C:\Windows\system32

    Killing Processes!

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 664 'smss.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 736 'winlogon.exe'
    Killing PID 736 'winlogon.exe'
    Killing PID 736 'winlogon.exe'
    Killing PID 736 'winlogon.exe'
    Killing PID 736 'winlogon.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1780 'explorer.exe'
    Killing PID 1780 'explorer.exe'
    Killing PID 1780 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 2516 'rundll32.exe'
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrators … successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    Deleting: C:\Windows\system32\dnj2011oe.dll
    Successfully Deleted: C:\Windows\system32\dnj2011oe.dll
    Deleting: C:\Windows\system32\jt8407lqe.dll
    Successfully Deleted: C:\Windows\system32\jt8407lqe.dll
    Deleting: C:\Windows\system32\mjl_hp.dll
    Successfully Deleted: C:\Windows\system32\mjl_hp.dll
    Deleting: C:\Windows\system32\s2rslc971f.dll
    Successfully Deleted: C:\Windows\system32\s2rslc971f.dll
    Deleting: C:\Windows\system32\guard.tmp
    Successfully Deleted: C:\Windows\system32\guard.tmp

    msg11?.dll
    0 bestand(en) gekopieerd.



    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\Windows\\system32\\jt8407lqe.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    The following are the files found:
    ****************************************************************************
    C:\Windows\system32\dnj2011oe.dll
    C:\Windows\system32\jt8407lqe.dll
    C:\Windows\system32\mjl_hp.dll
    C:\Windows\system32\s2rslc971f.dll
    C:\Windows\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}\InprocServer32]
    @="C:\\Windows\\system32\\mjl_hp.dll"
    "ThreadingModel"="Apartment"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{065CE359-A57B-45AE-AC34-356B8A572912}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{065CE359-A57B-45AE-AC34-356B8A572912}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    adding: dlls/dnj2011oe.dll (164 bytes security) (deflated 5%)
    adding: dlls/guard.tmp (164 bytes security) (deflated 5%)
    adding: dlls/jt8407lqe.dll (164 bytes security) (deflated 5%)
    adding: dlls/mjl_hp.dll (164 bytes security) (deflated 5%)
    adding: dlls/s2rslc971f.dll (164 bytes security) (deflated 4%)
    adding: backregs/065CE359-A57B-45AE-AC34-356B8A572912.reg (104 bytes security) (deflated 71%)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)
  • Logfile of HijackThis v1.99.1
    Scan saved at 13:01:30, on 1-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\COMPAQ\ACLIENT\ACLIENT.exe
    C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    C:\Windows\Cpqdiag\Cpqdfwag.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\lexmvservice.exe
    C:\Windows\system32\lexwebservice.exe
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\Windows\System32\NMSSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\NDAS\System
    dasmgmt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fullwonder.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fullwonder.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=explorer.exe "
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinPatrol System Monitor] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System
    dasmgmt.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYNL
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.wanadoo.nl/?marketingCode=07MSREF001
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
    O16 - DPF: {00000000-0000-0000-0000-000050050000} - http://www.advnt01.com/games/ABoxInst_int12.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Reinstall - C:\Windows\system32\jt8407lqe.dll (file missing)
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\Windows\system32\omomocei.dll (file missing)
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
    O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
    O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MarkVision Server (MvServer) - Unknown owner - C:\Windows\system32\lexmvservice.exe
    O23 - Service: MarkVision Web Server (MvWebServer) - Unknown owner - C:\Windows\system32\lexwebservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Windows\system32\r_server.exe" /service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe



  • Voor ik het vergeet, alvast bedankt voor je hulp. Ik krijg overigens ook steeds een melding van McAfee en WinPatrol dat er een wijziging is in mijn host-bestand.
  • 1. Download The Hoster, unzip het naar een eigen map: http://www.funkytoad.com/download/hoster.zip
    Start The Hoster, klik op "Restore Original Hosts", klik OK, sluit The Hoster.

    2. Download ATF cleaner (gemaakt door Atribune)

    3. Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden. Hoe verborgen bestanden en mappen weergeven.
    Haal ook het vinkje weg bij: "Bestandsextensies verbergen voor bekende bestandstypes". Dit bevestigen met "OK".

    4. Start de computer in veilige modus.

    5. Start HijackThis nog een keer kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
    [b:dcc50eea82]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe "
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYNL
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
    O16 - DPF: {00000000-0000-0000-0000-000050050000} - http://www.advnt01.com/games/ABoxInst_int12.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O20 - Winlogon Notify: Reinstall - C:\Windows\system32\jt8407lqe.dll (file missing)
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\Windows\system32\omomocei.dll (file missing) [/b:dcc50eea82]
    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

    6. Zoek met je verkenner de volgende bestanden(vetgedrukt) en verwijder deze indien ze aanwezig zijn:
    c:\[b:dcc50eea82]secure32.html[/b:dcc50eea82]
    C:\WINDOWS\[b:dcc50eea82]secure32.html[/b:dcc50eea82]

    7. Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:dcc50eea82]Select All[/b:dcc50eea82].
    Klik op de knop [b:dcc50eea82]Empty Selected[/b:dcc50eea82].

    Gebruik je ook Firefox als browser:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:dcc50eea82]Select All[/b:dcc50eea82].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords")
    Klik op de knop [b:dcc50eea82]Empty Selected[/b:dcc50eea82].

    Gebruik je ook Opera als browser:
    Klik op tabblad "Opera", plaats een vinkje bij [b:dcc50eea82]Select All[/b:dcc50eea82].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:dcc50eea82]Empty Selected[/b:dcc50eea82].
    Ga naar het tabblad "Main" en klik op de knop [b:dcc50eea82]Exit[/b:dcc50eea82] om het programma af te sluiten.

    8. Ga naar start – uitvoeren en tik in: [b:dcc50eea82] ipconfig /flushdns[/b:dcc50eea82]

    9. Herstart de computer in normale modus.

    10. Doe een online scan via Panda's online virus scan.
    Krijg je de mogelijkheid om een logje op te slaan dan doe je dit.

    11. Start HijackThis opnieuw, maak een nieuwe log en post deze ter controle en post ook het logje van Panda.

    Groeten smeenk :)
  • Incident Status Location

    Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
    Adware:adware/sqwire Not disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
    Adware:adware
    azespyware Not disinfected C:\WINDOWS\SYSTEM32\white.lst
    Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:application
    egclean32 Not disinfected C:\Documents and Settings\Arjan\Bureaublad\Registry Cleaner.lnk
    Adware:adware/abox Not disinfected C:\WINDOWS\ABox.exe
    Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
    Adware:adware/ncase Not disinfected C:\WINDOWS\msbbau.dat
    Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
    Adware:adware/cws.yexe Not disinfected C:\WINDOWS\inet20003
    Adware:adware/qoologic Not disinfected Windows Registry
    Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Spyware:spyware/altnet Not disinfected Windows Registry
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Arjan\Cookies\arjan@stat.onestat[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.com.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.overture.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[server.iad.liveperson.net/hc/81668903]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[server.iad.liveperson.net/hc/81668903]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[81668903]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[81668903]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Arjan\Application Data\Mozilla\Firefox\Profiles\default.to6\cookies.txt[]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\backup.zip[dnj2011oe.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\backup.zip[guard.tmp]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\backup.zip[jt8407lqe.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\backup.zip[mjl_hp.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\backup.zip[s2rslc971f.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\dlls\dnj2011oe.dll
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\dlls\guard.tmp
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\dlls\jt8407lqe.dll
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\dlls\mjl_hp.dll
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\dlls\s2rslc971f.dll
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arjan\Bureaublad\l2mfix.exe[Process.exe]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Arjan\Cookies\arjan@stat.onestat[2].txt
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
    Virus:Trj/Cicos.H Disinfected C:\Program Files\Network Monitor
    etmon.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\UERSM_0001_N57M0112NetInstaller.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr
    Adware:Adware/Sqwire Not disinfected C:\WINDOWS\system32\tsuninst.exe
    Virus:Trj/Mitglieder.FO Disinfected Lokale mappen\Postvak IN\Call U\sales@call-u.nl\Health_and_knowledge.zip[5.exe]
    Virus:W32/Sober.V.worm!CME-456 Disinfected Lokale mappen\Verwijderde items\failure notice\~0000000.~[Winzipped-Text_Data.txt .pif]
    Virus:Trj/Mitglieder.FO Disinfected Lokale mappen\Verzonden items\Health_and_knowledge.zip[5.exe]


  • Logfile of HijackThis v1.99.1
    Scan saved at 15:45:38, on 1-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\COMPAQ\ACLIENT\ACLIENT.exe
    C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    C:\Windows\Cpqdiag\Cpqdfwag.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Windows\system32\lexmvservice.exe
    C:\Windows\system32\lexwebservice.exe
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
    C:\Windows\system32\svchost.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\NDAS\System
    dasmgmt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fullwonder.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fullwonder.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinPatrol System Monitor] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System
    dasmgmt.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.wanadoo.nl/?marketingCode=07MSREF001
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
    O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
    O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MarkVision Server (MvServer) - Unknown owner - C:\Windows\system32\lexmvservice.exe
    O23 - Service: MarkVision Web Server (MvWebServer) - Unknown owner - C:\Windows\system32\lexwebservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Windows\system32\r_server.exe" /service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe



  • Download Killbox.
    Klik op killbox.exe.
    Kies de optie: "[b:8d30a9f950]Delete on reboot[/b:8d30a9f950]".

    [b:8d30a9f950]Kopieer[/b:8d30a9f950] het volgende vetgedrukt deel:

    [b:8d30a9f950]C:\WINDOWS\SYSTEM32\f3PSSavr.scr
    C:\WINDOWS\SYSTEM32\tsuninst.exe
    C:\WINDOWS\SYSTEM32\white.lst
    C:\Documents and Settings\Arjan\Bureaublad\Registry Cleaner.lnk
    C:\WINDOWS\ABox.exe
    C:\WINDOWS\drsmartload.dat
    C:\WINDOWS\msbbau.dat
    C:\WINDOWS\uniq
    C:\Program Files\MSN Messenger\riched20.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSM_0001_N57M0112NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\UERSM_0001_N57M0112NetInstaller.exe[/b:8d30a9f950]

    Open [b:8d30a9f950]'file'[/b:8d30a9f950] in het killboxmenu bovenaan en kies: [b:8d30a9f950]Paste from clipboard[/b:8d30a9f950]

    Je zal zien, het bovenstaande vetgedrukte zal staan in het "Full Path of File to Delete"-veld.
    Er is een klein pijltje naast dat veld. Als je daarop klikt zal je al die bovenstaande lijntjes (indien bestanden aanwezig) die je gekopieerd hebt zien staan (dit is alvast de bedoeling)

    Klik op de knop: [b:8d30a9f950]All files[/b:8d30a9f950] (!Belangrijk!)

    Daarna, Klik op de rode cirkel met het wit kruisje erin.
    Killbox zal zeggen dat deze file zal verwijderd worden on reboot.. vraagt om nu te rebooten. Klik YES.

    Je pc moet nu rebooten.


    Na de herstart verwijder je de volgende mappen:
    C:[b:8d30a9f950]!Killbox[/b:8d30a9f950] <= dit zijn de backups van Killbox en die mogen wel weg
    C:\Documents and Settings\Arjan\Bureaublad\[b:8d30a9f950]l2mfix[/b:8d30a9f950]\ <= de map l2mfix op je bureaublad
    C:\WINDOWS\[b:8d30a9f950]inet20003[/b:8d30a9f950]

    Maak daarna je prullenbak leeg.



    1) Open een kladblokbestand.
    2) Kopieer onderstaande code in dit kladblokbestand.
    3) Ga naar Bestand - Opslaan als.
    -Bij "Opslaan in" kies je: Bureaublad
    -Bij "Bestandsnaam" zet je: fix.reg
    -Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    -Klik op de knop Opslaan.[code:1:8d30a9f950]REGEDIT4

    [-HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}][/code:1:8d30a9f950]4) Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.

    Van die spyware cookies hoef je niet direct wakker te liggen.
    Het is wel verstandig "indirecte" of "third party" cookies te blokkeren.
    Dat doe je als volgt:

    [b:8d30a9f950]Internet Explorer 6[/b:8d30a9f950]:
    Extra
    Internet-opties
    tabblad Privacy
    knop Geavanceerd
    vinkje plaatsen voor "Automatische cookie-verwerking opheffen"
    onder "Indirecte cookies" een vinkje plaatsen voor: "Blokkeren"
    OK, OK

    [b:8d30a9f950]Firefox 1.5[/b:8d30a9f950]:
    Tools
    Options
    Privacy
    Cookies
    aanvinken: "for the originating site only"

    Installeer verder [b:8d30a9f950]SpywareBlaster[/b:8d30a9f950], dat programma blokkeert ook tracking cookies.
    http://www.nucia.nl/toonhandleiding.php?handleidingid=12

    Groeten smeenk :wink:
  • Hartstikke bedankt, alle stappen succesvol doorlopen. Ik ben van alle irritante pop-ups af en de pc is weer een stuk sneller.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.